Pages

Blog

The new EU General Data Protection Regulation: Does it apply to you?

July 27th, 2017

From 25 May 2018 Australian businesses may need to comply with the EU General Data Protection Regulation, even if they don't have any physical presence in the EU. If you offer goods and services or monitor the behaviour of individuals in the EU, then you may be caught.
Our Guidance...

Why is information security blue?

March 28th, 2017

They say a picture is worth a thousand words. If that's true, what do the images used for information security tell us? What are they trying to convey and are those messages consistent with how we would like to think about information security?
There’s an easy way to find out how...

Notifying eligible data breaches: What does it all mean?

March 13th, 2017

Key take-aways
Only ‘eligible data breaches’ are notifiable to affected individuals and the OAIC.
An eligible data breach is one where there been loss, unauthorised access to or disclosure of information which is likely to result in serious harm.
If you’re unsure,...

Why women (and greater diversity) are good for cyber security

March 12th, 2017

The low number of women in cyber security, and ways that we might encourage more women into the field, has been receiving a lot of attention recently. This led me to ponder why I think it is important that more women become cyber security professionals.
There is certainly little doubt that...

What's happened to data breach notification law in Australia?

December 4th, 2016

It’s December 2016 and still no data breach notification law in Australia, despite the government committing to introduce legislation by December 2015 as part of the protections promised on the introduction of mandatory data retention requirements. So, what’s been going on?

Regular Password Changes: No Longer Good Security Practice

October 18th, 2016

Pages

News

Domain Related Changes to CISSP Credential Exam

February 15th, 2018

Effective April 15, 2018, (ISC)2 will implement domain-related changes for the Certified Information Systems Security Professional (CISSP®) credential exam. These changes are being implemented based on the outcome of the Job Task Analysis (JTA). The JTA provides the foundation for each of (ISC...

Guidance Note: The new EU General Data Protection Regulation: Implications for Australia

August 28th, 2017

Introduction
After years of negotiations, the new EU General Data Protection Regulation (GDPR) was passed in 2016, bringing with it wide reaching changes to the EU data protection regime which has been in place for over 20 years, under the EU’s Directive 95/46/EC. Much has been written...

AWSN Melbourne

August 21st, 2017

Dr Jodie Siganto will be speaking at the AWSN Melbourne branch lunch on September 20th 2017. This is a free event open to AWSN members and guests and will be hosted by BHP at their Melbourne CBD offices.
The title of Jodie's talk is:
The Australian Cyber Security Skills Shortage: Myths,...

IT Security Training Australia sponsors HAISA 2017

August 14th, 2017

We invite you to participate in the event which, will be held over the 28-30th November 2017 in Adelaide, Australia. This symposium, the eleventh in the series, will bring together leading figures from academia and industry to present and discuss the latest advances in information security from...

The use of chatbots and voice activated apps (such as Siri or Google Now, smart TVs and other household items and even toys like Hello Barbie) is increasing. These apps rely on recording and storing audio collected by the device on an on-going basis. These recordings will inevitably...

February 7, 2017: Ask out loud - Safer Internet Day

February 6th, 2017

What: Share the single call to action with your staff and / or customers: #AskOutLoud
If you experience something suspicious online, Ask Out Loud because your online safety is worth a second opinion.
How: Share the pre-prepared resources (produced on behalf of Stay Smart Online(SSO)) and promote...

Pages

Resources

Case Study: The Equifax Breach

October 6th, 2017

The following is a summary of some of the most important things to know about the breach and the aftermath to date:
The breach: Between mid-May and July 2017 hackers accessed data held by Equifax through a publicised vulnerability in a web application, for which there was a well-known...

Data breach preparedness: It's more than just notificaton ...

April 20th, 2017

New Australian data breach notification laws, effective in February 2018, have focused attention on organisations’ preparedness to notify of eligible data breaches. But notification is just one part of responding to a data breach or cyber incident. Data breaches are complex,...

White Paper

10 reasons why an Australian data breach notification law won’t make any difference

August 29th, 2016

Having been on the drawing board since 2008, It is entirely possible that at some stage in the next two years, Australia may get its own version of a data breach notification law. But, assuming a law similar to the draft legislation issued for consultation in December 2015 is passed, will it...

Data Breach Notification In Australia - Whitepaper Available!

August 30th, 2013

The first data breach notification law (DBNL) was introduced in California in 2002 (and enacted in 2003). Since that time, similar laws have been introduced in different forms in nearly all the States in the United States and are under consideration in a number of other jurisdictions...

Privacy Act Amendments: What Do They Mean For Information Security?

August 30th, 2013

In May 2012, as part of Privacy Awareness Week, the Attorney General announced amendments to the Privacy Act 1988 (Cth), with the Amendment Bill (all 266 pages of it) introduced to Parliament in late May. The Bill is expected to pass through both Houses without issue. The amendments...

Data Breach Litigation In The U.S.: What Does It Mean For Australia?

August 30th, 2013

Since the passing of Data Breach Notification laws in the U.S. there has been an explosion of data breach related litigation. Most of the actions are brought as class action suits (because the amounts sought per head is small but the groups are often very large). Although most of the...

Our Partners

Who We Are

IT Security Training Australia is an Australian training company specialising in professional privacy and information security training courses, with certified products from a number of global partners that we are qualified to deliver to the Australian market.